From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States.
UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments. Using pretexts such as data migration or invoice related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.
Read more…
Source: Mandiant
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
February 22, 2021
Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all ...
- TDoS Attacks Take Aim at Emergency First-Responder Services
February 22, 2021
Telephony denial-of-service (TDoS) attacks, which affect the availability and readiness of call centers, are hitting critical first-responder facilities, according to the Federal Bureau of Investigation (FBI). A TDoS attack is designed to prevent incoming and outgoing calls, by flooding a target with junk calls. “The objective is to keep the distraction calls active for as long as ...
- Chinese hackers cloned attack tool belonging to NSA’s Equation Group
February 22, 2021
Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 ...
- Lakehead University shuts down campus network after cyberattack
February 21, 2021
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. The school’s services, including its website, have been down since Tuesday, with personnel shutting down computers on the Thunder Bay and Orillia campuses to stop the attack from spreading. In a communication ...
- Recently fixed Windows zero-day actively exploited since mid-2020
February 20, 2021
Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’ It allows local attackers to elevate their privileges to ...
- SonicWall releases additional update for SMA 100 vulnerability
February 20, 2021
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. Last month, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in their SMA-100 remote access devices. A week later, cybersecurity firm NCC Group discovered the zero-day vulnerability used ...